Problems with EAP-TTLS/EAP-TLS

Sjors Gielen dazjorz
Fri Oct 24 05:15:46 PDT 2008


Carolin Latze wrote:
> 
> 
> Sjors Gielen wrote:
>>
>> [snip]
>>  
>>>         client_cert2="/home/latze/impl/basisk-eap.pem"
>>>     
>> Why client_cert2? Are you sure that's right? :)
>>
>>   
> hm... if I use it with "client_cert" (without number) I get
> 
> AP-TTLS: AVP: code=79 flags=0x40 length=14
> EAP-TTLS: AVP data - hexdump(len=6): 01 01 00 06 0d 20
> EAP-TTLS: AVP - EAP Message
> EAP-TTLS: Phase 2 EAP - hexdump(len=6): 01 01 00 06 0d 20
> EAP-TTLS: received Phase 2: code=1 identifier=1 length=6
> EAP-TTLS: Phase 2 EAP Request: type=13
> EAP-TTLS: Selected Phase 2 EAP vendor 0 method 13
> SSL: Initializing TLS engine
> ENGINE: Engine ID not set
> TLS: Failed to set TLS connection parameters
> EAP-TLS: Failed to initialize SSL.
> 
> And following
> http://user.uni-frankfurt.de/~testrad/wpa_supplicant/wpa_supplicant.conf.examples
> 
> 
> I thought I had to use "client_cert2". You don't think so?

I'm not very familiar with the exact authentication process, but it
seems like you need client_cert for the initial EAP-TTLS authentication,
then for phase 2, you need an additional client_cert2. Does that work?

Sjors

> Regards
> Carolin
> 




More information about the Hostap mailing list